[Touch-packages] [Bug 1974483] Re: autoinstall ssh:install-server:false is misleading in 22.04
** Tags added: foundations-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1974483 Title: autoinstall ssh:install-server:false is misleading in 22.04 Status in subiquity: Triaged Status in ubuntu-meta package in Ubuntu: Confirmed Status in ubuntu-meta source package in Jammy: Confirmed Bug description: With 22.04, openssh-server is baked into the image curtin copies to the target. The ssh:install-server key no longer controls whether openssh-server gets installed. It should be easy enough to have the bit of code that installs openssh-server when the key is true also remove it when the key is false. To manage notifications about this bug go to: https://bugs.launchpad.net/subiquity/+bug/1974483/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988772] Re: kinetic livefs builds are failing on dns errors
Images building successfully now. ** Changed in: live-build (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1988772 Title: kinetic livefs builds are failing on dns errors Status in live-build package in Ubuntu: Invalid Status in systemd package in Ubuntu: Fix Released Bug description: the livefs kinetic builds are still failing, every job failed for a week https://launchpad.net/~ubuntu-cdimage/+livefs/ubuntu/kinetic/ubuntu >'Temporary failure resolving 'ftpmaster.internal' Colin poked at it and wrote > livecd-rootfs initially sets up a correct /etc/resolv.conf inside its build chroot; but then > systemd-resolved.postinst moves that aside in favour of a symlink to /run/systemd/resolve/stub- > resolv.conf, but systemd-resolved itself isn't running because livecd-rootfs builds in a chroot, > not a container he also suggested that it could be perhaps handled from live-build scripts/build/lb_chroot_resolv To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/live-build/+bug/1988772/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988772] Re: kinetic livefs builds are failing on dns errors
** Tags added: foundations-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1988772 Title: kinetic livefs builds are failing on dns errors Status in live-build package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Fix Released Bug description: the livefs kinetic builds are still failing, every job failed for a week https://launchpad.net/~ubuntu-cdimage/+livefs/ubuntu/kinetic/ubuntu >'Temporary failure resolving 'ftpmaster.internal' Colin poked at it and wrote > livecd-rootfs initially sets up a correct /etc/resolv.conf inside its build chroot; but then > systemd-resolved.postinst moves that aside in favour of a symlink to /run/systemd/resolve/stub- > resolv.conf, but systemd-resolved itself isn't running because livecd-rootfs builds in a chroot, > not a container he also suggested that it could be perhaps handled from live-build scripts/build/lb_chroot_resolv To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/live-build/+bug/1988772/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988548] Re: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
I manually installed the fixed zlib from kinetic. So far it is working. Could someone put it in proposed for focal and jammy so it will be on the livecd's? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zlib in Ubuntu. https://bugs.launchpad.net/bugs/1988548 Title: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy Status in zlib package in Ubuntu: Confirmed Bug description: There is a crictical security issue with zlib tracked here [1] The newest version in bionic [2] already has a security patch for it but the one in the focal [3] (and jammy) does not. As can be seen from their respective changelogs in the right hand side panel. Since zlib is loaded by lots of software, e.g. the apache weg server, this could be a problem. It seems that focal, jammy and bionic use the same base zlib version (1.2.11), so maybe the patch there could be recycled? I was asked to create a bug here after asking it as question here [4]. Thank you very much for your hard work! [1] CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 [2] Bionic Package: https://packages.ubuntu.com/bionic/zlib1g [3] Focal Package: https://packages.ubuntu.com/focal/zlib1g [4] Original Question: https://answers.launchpad.net/ubuntu/+source/zlib/+question/703010 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1988548/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988548] Re: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: zlib (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zlib in Ubuntu. https://bugs.launchpad.net/bugs/1988548 Title: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy Status in zlib package in Ubuntu: Confirmed Bug description: There is a crictical security issue with zlib tracked here [1] The newest version in bionic [2] already has a security patch for it but the one in the focal [3] (and jammy) does not. As can be seen from their respective changelogs in the right hand side panel. Since zlib is loaded by lots of software, e.g. the apache weg server, this could be a problem. It seems that focal, jammy and bionic use the same base zlib version (1.2.11), so maybe the patch there could be recycled? I was asked to create a bug here after asking it as question here [4]. Thank you very much for your hard work! [1] CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 [2] Bionic Package: https://packages.ubuntu.com/bionic/zlib1g [3] Focal Package: https://packages.ubuntu.com/focal/zlib1g [4] Original Question: https://answers.launchpad.net/ubuntu/+source/zlib/+question/703010 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1988548/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1989124] Re: libunwind-(13/14)-dev conflicts with libunwind-dev
** Changed in: llvm-toolchain-14 (Ubuntu) Status: New => Confirmed ** Changed in: libunwind (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libunwind in Ubuntu. https://bugs.launchpad.net/bugs/1989124 Title: libunwind-(13/14)-dev conflicts with libunwind-dev Status in libunwind package in Ubuntu: Confirmed Status in llvm-toolchain-14 package in Ubuntu: Confirmed Bug description: Tested on Ubuntu 22.04. Since these two packages (libunwind-14 and libunwind-dev) conflict with each other, I cannot install some libraries and tools that depend on them. For example, I cannot install libc++-14-dev and libgstreamer1.0-dev together, and that's really unfortunate. I'm not sure which packages should be somehow fixed (if any), so feel free to reassign this bug wherever it fits. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1989124/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1989124] Re: libunwind-(13/14)-dev conflicts with libunwind-dev
** Tags added: jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libunwind in Ubuntu. https://bugs.launchpad.net/bugs/1989124 Title: libunwind-(13/14)-dev conflicts with libunwind-dev Status in libunwind package in Ubuntu: New Status in llvm-toolchain-14 package in Ubuntu: New Bug description: Tested on Ubuntu 22.04. Since these two packages (libunwind-14 and libunwind-dev) conflict with each other, I cannot install some libraries and tools that depend on them. For example, I cannot install libc++-14-dev and libgstreamer1.0-dev together, and that's really unfortunate. I'm not sure which packages should be somehow fixed (if any), so feel free to reassign this bug wherever it fits. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1989124/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1989124] Re: libunwind-(13/14)-dev conflicts with libunwind-dev
I was able to recreate this in a jammy schroot: (jammy-amd64)root@impulse:/home/bdmurray/source-trees/autopkgtest# apt-get install libunwind-14-dev Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libbsd0 libedit2 liblzma-dev libmd0 libunwind8 Use 'apt autoremove' to remove them. The following packages will be REMOVED: libunwind-dev The following NEW packages will be installed: libunwind-14-dev 0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. Need to get 39.0 kB of archives. After this operation, 5873 kB disk space will be freed. Do you want to continue? [Y/n] Y Get:1 http://192.168.10.7/ubuntu jammy/main amd64 libunwind-14-dev amd64 1:14.0.0-1ubuntu1 [39.0 kB] Fetched 39.0 kB in 0s (1038 kB/s) (Reading database ... 12554 files and directories currently installed.) Removing libunwind-dev:amd64 (1.3.2-2build2) ... Selecting previously unselected package libunwind-14-dev:amd64. (Reading database ... 12501 files and directories currently installed.) Preparing to unpack .../libunwind-14-dev_1%3a14.0.0-1ubuntu1_amd64.deb ... Unpacking libunwind-14-dev:amd64 (1:14.0.0-1ubuntu1) ... Setting up libunwind-14-dev:amd64 (1:14.0.0-1ubuntu1) ... ** Also affects: libunwind (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libunwind in Ubuntu. https://bugs.launchpad.net/bugs/1989124 Title: libunwind-(13/14)-dev conflicts with libunwind-dev Status in libunwind package in Ubuntu: New Status in llvm-toolchain-14 package in Ubuntu: New Bug description: Tested on Ubuntu 22.04. Since these two packages (libunwind-14 and libunwind-dev) conflict with each other, I cannot install some libraries and tools that depend on them. For example, I cannot install libc++-14-dev and libgstreamer1.0-dev together, and that's really unfortunate. I'm not sure which packages should be somehow fixed (if any), so feel free to reassign this bug wherever it fits. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libunwind/+bug/1989124/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy: [2022/08/25 16:04:05.848067, 0] ../../lib/util/become_daemon.c:119(exit_daemon) exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 This "printing subsystem" is actually a new daemon called samba-bgqd. This errors prevents "smbd" from starting. The reason it failed to start is that this binary is installed on a different path than what is allowed in the samba apparmor profiles, and as a result its execution is denied. The chosen fix for this is to change the path of samba-bgqd in the samba apparmor profiles to match where it is actually being installed in the jammy packaging. Changing the actual path in the samba packaging would be a more invasive fix. In kinetic and later, the installation path of samba-bgqd was changed instead, and requires no changes to the apparmor profiles. However, once the path in the apparmor profiles was fixed for jammy, another error comes up which also requires an apparmor change. samba- bgqd is using locking when opening the *.tdb files in /run/samba, and that requires an extra "k" flag to apparmor rules that cover that directory and its tdb files. This bug doesn't affect jammy samba users by default, as they have to complete steps (a) and (b) from above to be impacted. Therefore, on its own, this bug does not warrant an SRU, and we are using the block- proposed-jammy tag to prevent its release until such time when another more SRU-worthy apparmor bug is fixed for Jammy. [Test Plan] Make a container for testing: $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test Install the needed packages: # apt update && apt install apparmor-profiles apparmor-utils samba Confirm that you have smbd and samba-bgqd processes confined and in complain mode (check first column): # ps faxZ | grep -E "(smbd|bgqd)" | grep -v grep smbd (complain)2432 ?Ss 0:00 /usr/sbin/smbd --foreground --no-process-group smbd (complain)2434 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd (complain)2435 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd//null-/usr/lib/x86_64-linux-gnu/samba/samba-bgqd (complain) 2436 ? S 0:00 \_ /usr/lib/x86_64-linux-gnu/samba/samba-bgqd Change the samba profiles to enforce mode: - # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd + # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. Setting /etc/apparmor.d/samba-bgqd to enforce mode. Restart smbd: # systemctl restart smbd systemctl won't complain, but smbd failed to start: root@jammy-test:~# ps faxZ | grep smbd | grep -v smbd - root@jammy-test:~# + root@jammy-test:~# # tail -2 /var/log/samba/log.smbd [2022/09/09 18:20:35.200901, 0] ../../lib/util/become_daemon.c:119(exit_daemon) - exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 + exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 And dmesg on the *host* (not the container) will log a few DENIED messages like this: [sex set 9 15:20:30 2022] audit: type=1400 audit(1662747635.194:10356): apparmor="DENIED" operation="exec" namespace="root//lxd-jammy-test_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=994396 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 + After installing the fixed package (and accepting the dpkg conf prompt + changes), the new profile will be loaded in complain mode again. So + let's put it in enforce mode one more time: + + # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd + Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. + Setting /etc/apparmor.d/samba-bgqd to enforce mode. + + Restart: + # systemctl restart smbd + + And confirm that smbd and samba-bgqd are running this time, and in + enforce mode: + + TBD [Where problems could occur] An apparmor update will impact all ubuntu users, regardless if they are using samba or not. One has to weigh this carefully with the importance of the bug that is being fixed. This update will restart apparmor on the target system. All sorts of things can happen due to that: - all apparmor profiles will be reloaded and reapplied - if users have modified default profiles in /etc/apparmor.d/* (not inside local/*), they will get a dpkg conf prompt during this update - in particular, users who have changed the samba profile
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy: [2022/08/25 16:04:05.848067, 0] ../../lib/util/become_daemon.c:119(exit_daemon) exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 This "printing subsystem" is actually a new daemon called samba-bgqd. This errors prevents "smbd" from starting. The reason it failed to start is that this binary is installed on a different path than what is allowed in the samba apparmor profiles, and as a result its execution is denied. The chosen fix for this is to change the path of samba-bgqd in the samba apparmor profiles to match where it is actually being installed in the jammy packaging. Changing the actual path in the samba packaging would be a more invasive fix. In kinetic and later, the installation path of samba-bgqd was changed instead, and requires no changes to the apparmor profiles. However, once the path in the apparmor profiles was fixed for jammy, another error comes up which also requires an apparmor change. samba- bgqd is using locking when opening the *.tdb files in /run/samba, and that requires an extra "k" flag to apparmor rules that cover that directory and its tdb files. This bug doesn't affect jammy samba users by default, as they have to complete steps (a) and (b) from above to be impacted. Therefore, on its own, this bug does not warrant an SRU, and we are using the block- proposed-jammy tag to prevent its release until such time when another more SRU-worthy apparmor bug is fixed for Jammy. [Test Plan] Make a container for testing: $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test - # First of all, install apparmor-profiles, apparmor-utils and samba. + Install the needed packages: # apt update && apt install apparmor-profiles apparmor-utils samba - # Confirm that you have smbd and samba-bgqd processes confined and in complain mode (check first column): + Confirm that you have smbd and samba-bgqd processes confined and in complain mode (check first column): # ps faxZ | grep -E "(smbd|bgqd)" | grep -v grep smbd (complain)2432 ?Ss 0:00 /usr/sbin/smbd --foreground --no-process-group smbd (complain)2434 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd (complain)2435 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group - smbd//null-/usr/lib/x86_64-linux-gnu/samba/samba-bgqd (complain) 2436 ? S 0:00 \_ /usr/lib/x86_64-linux-gnu/samba/samba-bgqd + smbd//null-/usr/lib/x86_64-linux-gnu/samba/samba-bgqd (complain) 2436 ? S 0:00 \_ /usr/lib/x86_64-linux-gnu/samba/samba-bgqd + Change the samba profiles to enforce mode: + # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd + Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. + Setting /etc/apparmor.d/samba-bgqd to enforce mode. - 4.Then check the dmesg output. + Restart smbd: + # systemctl restart smbd - $ dmesg -T + systemctl won't complain, but smbd failed to start: + root@jammy-test:~# ps faxZ | grep smbd | grep -v smbd + root@jammy-test:~# - [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 - [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 - [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 - [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 - [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/locking.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 + # tail -2 /var/log/samba/log.smbd + [2022/09/09 18:20:35.200901, 0] ../../lib/util/become_daemon.c:119(exit_daemon) + exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 - 5.At the end of the output
[Touch-packages] [Bug 1982108] Re: SRU: update python3.10 to the 3.10.5 release in 22.04 LTS
thanks... and again all fixed with kodi with this version! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python3-defaults in Ubuntu. https://bugs.launchpad.net/bugs/1982108 Title: SRU: update python3.10 to the 3.10.5 release in 22.04 LTS Status in python3-defaults package in Ubuntu: New Status in python3-stdlib-extensions package in Ubuntu: Confirmed Status in python3.10 package in Ubuntu: Confirmed Status in python3-defaults source package in Jammy: Fix Committed Status in python3-stdlib-extensions source package in Jammy: Fix Committed Status in python3.10 source package in Jammy: Fix Committed Bug description: SRU: update python3.10 to the 3.10.5 release in 22.04 LTS we are doing a test rebuild of 22.04 main to check for regressions. test rebuilds at https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20220728-jammy-jammy.html https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20220728-jammy-gcc-jammy.html the first one is the reference test rebuild, the second one the rebuild using updated binutils, GCC and python packages. Analysis: regressions on riscv64 (caused by enabling the tests) are: abseil adsys colord dovecot glib-networking glibc gnome-bluetooth3 gnome-control-center google-perftools json-glib libfprint libgdata memcached mir openvswitch ovn pmdk power-profiles-daemon strace swtpm vim devscripts is not a regression, introduced by a custom dpkg- buildpackage wrapper. binutils and python3-stdlib-extensions are superseded which are part of the planned updates. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1982108/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy: [2022/08/25 16:04:05.848067, 0] ../../lib/util/become_daemon.c:119(exit_daemon) exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 This "printing subsystem" is actually a new daemon called samba-bgqd. This errors prevents "smbd" from starting. The reason it failed to start is that this binary is installed on a different path than what is allowed in the samba apparmor profiles, and as a result its execution is denied. The chosen fix for this is to change the path of samba-bgqd in the samba apparmor profiles to match where it is actually being installed in the jammy packaging. Changing the actual path in the samba packaging would be a more invasive fix. In kinetic and later, the installation path of samba-bgqd was changed instead, and requires no changes to the apparmor profiles. However, once the path in the apparmor profiles was fixed for jammy, another error comes up which also requires an apparmor change. samba- bgqd is using locking when opening the *.tdb files in /run/samba, and that requires an extra "k" flag to apparmor rules that cover that directory and its tdb files. This bug doesn't affect jammy samba users by default, as they have to complete steps (a) and (b) from above to be impacted. Therefore, on its own, this bug does not warrant an SRU, and we are using the block- proposed-jammy tag to prevent its release until such time when another more SRU-worthy apparmor bug is fixed for Jammy. [Test Plan] - ** Reproduction ** - Make a container for testing: $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test - 1.First of all, install apparmor-profiles, apparmor-utils and samba. - $ apt install apparmor-profiles apparmor-utils samba + # First of all, install apparmor-profiles, apparmor-utils and samba. + # apt update && apt install apparmor-profiles apparmor-utils samba - 2.Perform proper command to display current running processes. (e.g. ps fauxZ). - $ ps fauxZ + # Confirm that you have smbd and samba-bgqd processes confined and in complain mode (check first column): + # ps faxZ | grep -E "(smbd|bgqd)" | grep -v grep - nmbd (complain) root2129 0.0 0.0 68720 10628 ? Ss 16:43 0:00 /usr/sbin/nmbd --foreground --no-process-group - smbd (complain) root2141 0.0 0.1 84840 16264 ? Ss 16:43 0:00 /usr/sbin/smbd --foreground --no-process-group - smbd (complain) root2143 0.0 0.0 82360 8544 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group - smbd (complain) root2144 0.0 0.0 82352 6820 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + smbd (complain)2432 ?Ss 0:00 /usr/sbin/smbd --foreground --no-process-group + smbd (complain)2434 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + smbd (complain)2435 ?S 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + smbd//null-/usr/lib/x86_64-linux-gnu/samba/samba-bgqd (complain) 2436 ? S 0:00 \_ /usr/lib/x86_64-linux-gnu/samba/samba-bgqd - 3.At the end of the output, you should be able to see smbd(complain) in - the left column. 4.Then check the dmesg output. $ dmesg -T [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/locking.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_ma
[Touch-packages] [Bug 1907878] Re: wrong var declaration in if-up.d/resolved (nm-dispatcher[54417]: /etc/network/if-up.d/resolved: 12: mystatedir: not found)
** Also affects: ifupdown (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: ifupdown (Ubuntu Jammy) Status: New => Triaged ** Changed in: ifupdown (Ubuntu Jammy) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1907878 Title: wrong var declaration in if-up.d/resolved (nm-dispatcher[54417]: /etc/network/if-up.d/resolved: 12: mystatedir: not found) Status in ifupdown package in Ubuntu: Fix Released Status in ifupdown source package in Jammy: Triaged Bug description: Syslog error: nm-dispatcher[...]: /etc/network/if-up.d/resolved: 12: mystatedir: not found I think it's because of this line: if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then mystatedir statedir ifindex interface <- this is interpreted as a 'mystatedir' command and fails interface=$IFACE if [ ! "$interface" ]; then Perhaps the intention was to 'export mystatedir statedir ...' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy: [2022/08/25 16:04:05.848067, 0] ../../lib/util/become_daemon.c:119(exit_daemon) exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 This "printing subsystem" is actually a new daemon called samba-bgqd. This errors prevents "smbd" from starting. The reason it failed to start is that this binary is installed on a different path than what is allowed in the samba apparmor profiles, and as a result its execution is denied. The chosen fix for this is to change the path of samba-bgqd in the samba apparmor profiles to match where it is actually being installed in the jammy packaging. Changing the actual path in the samba packaging would be a more invasive fix. In kinetic and later, the installation path of samba-bgqd was changed instead, and requires no changes to the apparmor profiles. However, once the path in the apparmor profiles was fixed for jammy, another error comes up which also requires an apparmor change. samba- bgqd is using locking when opening the *.tdb files in /run/samba, and that requires an extra "k" flag to apparmor rules that cover that directory and its tdb files. This bug doesn't affect jammy samba users by default, as they have to complete steps (a) and (b) from above to be impacted. Therefore, on its own, this bug does not warrant an SRU, and we are using the block- proposed-jammy tag to prevent its release until such time when another more SRU-worthy apparmor bug is fixed for Jammy. [Test Plan] ** Reproduction ** Make a container for testing: $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test 1.First of all, install apparmor-profiles, apparmor-utils and samba. $ apt install apparmor-profiles apparmor-utils samba 2.Perform proper command to display current running processes. (e.g. ps fauxZ). $ ps fauxZ nmbd (complain) root2129 0.0 0.0 68720 10628 ? Ss 16:43 0:00 /usr/sbin/nmbd --foreground --no-process-group smbd (complain) root2141 0.0 0.1 84840 16264 ? Ss 16:43 0:00 /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2143 0.0 0.0 82360 8544 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2144 0.0 0.0 82352 6820 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group 3.At the end of the output, you should be able to see smbd(complain) in the left column. 4.Then check the dmesg output. $ dmesg -T [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/locking.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 5.At the end of the output, you will notice profile=”samba-bgqd” apparmor=”ALLOWED” 6.Later, check the apparmor status using the aa-status command. $ aa-status 24 profiles are in complain mode. avahi-daemon dnsmasq dnsmasq//libvirt_leaseshelper identd klogd mdnsd nmbd nscd php-fpm ping samba-bgqd smbldap-useradd smbldap-useradd///etc/init.d/nscd snap.git-ubuntu.git-ubuntu snap.git-ubuntu.import-source-packages snap.git-ubuntu.man snap.git-ubuntu.merge-changelogs snap.git-ubuntu.reconstruct-changelog snap.git-ubuntu.self-test snap.git-ubuntu.source-package-walker snap.git-ubuntu.update-repository-alias syslog-ng
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: [Impact] - Path to samba-bgqd is wrong on 22.04. - Changing from /usr/lib*/samba/samba-bgqd into /usr/lib/@{multiarch}/samba/samba-bgqd to align different architectures. - The @{multiarch} was initialized at the code before. - Before fixing it might confuse users with ambiguity. - This was later changed by moving the binary, but for an SRU let us just adapt the path in apparmor. + Users who have: + a) opted in to confining samba with apparmor (by installing apparmor-profiles); and + b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; + will experience an error in starting the smbd service in jammy: - Obviously, the bug doesn’t affect users by default, because the samba profiles - are only installed and activated if you install the apparmor-profiles package and moreover it has to be in enforce mode to affect users. The profile is applied in complain mode by default. - After all these conditions are met, then the impact is that the samba services will fail to start. + [2022/08/25 16:04:05.848067, 0] ../../lib/util/become_daemon.c:119(exit_daemon) + exit_daemon: daemon failed to start: Samba failed to init printing subsystem, error code 13 - The next thing which occurred was the problem with ‘k’ flag which was - needed in for the *.tdb files within /etc/apparmor.d/abstractions/samba. + This "printing subsystem" is actually a new daemon called samba-bgqd. + This errors prevents "smbd" from starting. + + The reason it failed to start is that this binary is installed on a + different path than what is allowed in the samba apparmor profiles, and + as a result its execution is denied. + + The chosen fix for this is to change the path of samba-bgqd in the samba + apparmor profiles to match where it is actually being installed in the + jammy packaging. Changing the actual path in the samba packaging would + be a more invasive fix. + + In kinetic and later, the installation path of samba-bgqd was changed + instead, and requires no changes to the apparmor profiles. + + However, once the path in the apparmor profiles was fixed for jammy, + another error comes up which also requires an apparmor change. samba- + bgqd is using locking when opening the *.tdb files in /run/samba, and + that requires an extra "k" flag to apparmor rules that cover that + directory and its tdb files. + + This bug doesn't affect jammy samba users by default, as they have to + complete steps (a) and (b) from above to be impacted. Therefore, on its + own, this bug does not warrant an SRU, and we are using the block- + proposed-jammy tag to prevent its release until such time when another + more SRU-worthy apparmor bug is fixed for Jammy. [Test Plan] ** Reproduction ** Make a container for testing: - $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test - 1.First of all, install apparmor-profiles, apparmor-utils and samba. $ apt install apparmor-profiles apparmor-utils samba 2.Perform proper command to display current running processes. (e.g. ps fauxZ). $ ps fauxZ nmbd (complain) root2129 0.0 0.0 68720 10628 ? Ss 16:43 0:00 /usr/sbin/nmbd --foreground --no-process-group smbd (complain) root2141 0.0 0.1 84840 16264 ? Ss 16:43 0:00 /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2143 0.0 0.0 82360 8544 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2144 0.0 0.0 82352 6820 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group - 3.At the end of the output, you should be able to see smbd(complain) in the left column. - 4.Then check the dmesg output. - $ dmesg -T [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): app
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
Removing the samba task as there is nothing to do there for jammy. ** No longer affects: samba (Ubuntu Jammy) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1979879 Title: Apparmor profile in 22.04 jammy - fails to start when printing enabled Status in apparmor package in Ubuntu: Invalid Status in samba package in Ubuntu: Fix Released Status in apparmor source package in Jammy: In Progress Bug description: [Impact] Path to samba-bgqd is wrong on 22.04. Changing from /usr/lib*/samba/samba-bgqd into /usr/lib/@{multiarch}/samba/samba-bgqd to align different architectures. The @{multiarch} was initialized at the code before. Before fixing it might confuse users with ambiguity. This was later changed by moving the binary, but for an SRU let us just adapt the path in apparmor. Obviously, the bug doesn’t affect users by default, because the samba profiles are only installed and activated if you install the apparmor-profiles package and moreover it has to be in enforce mode to affect users. The profile is applied in complain mode by default. After all these conditions are met, then the impact is that the samba services will fail to start. The next thing which occurred was the problem with ‘k’ flag which was needed in for the *.tdb files within /etc/apparmor.d/abstractions/samba. [Test Plan] ** Reproduction ** Make a container for testing: $ lxc launch ubuntu-daily:jammy jammy-test $ lxc shell jammy-test 1.First of all, install apparmor-profiles, apparmor-utils and samba. $ apt install apparmor-profiles apparmor-utils samba 2.Perform proper command to display current running processes. (e.g. ps fauxZ). $ ps fauxZ nmbd (complain) root2129 0.0 0.0 68720 10628 ? Ss 16:43 0:00 /usr/sbin/nmbd --foreground --no-process-group smbd (complain) root2141 0.0 0.1 84840 16264 ? Ss 16:43 0:00 /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2143 0.0 0.0 82360 8544 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group smbd (complain) root2144 0.0 0.0 82352 6820 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group 3.At the end of the output, you should be able to see smbd(complain) in the left column. 4.Then check the dmesg output. $ dmesg -T [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/locking.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 5.At the end of the output, you will notice profile=”samba-bgqd” apparmor=”ALLOWED” 6.Later, check the apparmor status using the aa-status command. $ aa-status 24 profiles are in complain mode. avahi-daemon dnsmasq dnsmasq//libvirt_leaseshelper identd klogd mdnsd nmbd nscd php-fpm ping samba-bgqd smbldap-useradd smbldap-useradd///etc/init.d/nscd snap.git-ubuntu.git-ubuntu snap.git-ubuntu.import-source-packages snap.git-ubuntu.man snap.git-ubuntu.merge-changelogs snap.git-ubuntu.reconstruct-changelog snap.git-ubuntu.self-test snap.git-ubuntu.source-package-walker snap.git-ubuntu.update-repository-alias syslog-ng syslogd traceroute You will notice that samba-bgqd is still in complain mode. 7.Type in aa-enforce /etc/apparmor.d/samba-bgqd /etc/apparmor.d/usr.sbin.smbd to set the paths to enforce mode. Setting /etc/apparmor.d/samba-bgqd to enforce mode. Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. Now when you display current running processes, you
[Touch-packages] [Bug 639940] Re: sendsigs can kill upstart scripts' child processes prematurely on system shutdown
** Changed in: sysvinit (Ubuntu) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sysvinit in Ubuntu. https://bugs.launchpad.net/bugs/639940 Title: sendsigs can kill upstart scripts' child processes prematurely on system shutdown Status in sysvinit package in Ubuntu: Won't Fix Bug description: Binary package hint: sysvinit sendsigs can kill child processes executed as part of upstart pre/post-stop scripts. It successfully omits upstart processes (daemons and the script processes themselves), but if you use anything other than shell builtins in an upstart job script, those shell- spawned processes don't wind up in OMITPIDS and killall5 kills them. For example, 143 (15/SIGTERM) ends up in /tmp/foo with a script like this. pre-stop script sleep 30 || echo $? >/tmp/foo end script Also, the post-SIGTERM loop ends prematurely because killall5 supports a maximum of 16 omitted processes (LP#634460). In my case, the ssh (LP#603363), portmap, statd, and (obviously) rc upstart jobs are still running. Each iteration of the post-SIGTERM loop duplicates these processes in OMITPIDS. On the fifth iteration, the list overflows and killall5 terminates with exitstatus 1. The loop terminates prematurely, since it interprets killall5 failure as an indicator that all SIGTERMed processes have terminated. The attached sendsigs fixes both problems. It won't kill processes that are children of upstart processes. In doing so, it avoids the use of killall5(1), allowing SIGTERMed processes the full ten seconds to shut down gracefully before SIGKILL. If killall5 had parent process checking, using that would be faster, but the fixed omitpid list size would still be a problem. Doing it "by hand" in the shell is reasonably fast, since there shouldn't be many processes still running. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/639940/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1980494] Re: krb5-multidev is not multi-arch installable due to differences in /usr/bin/krb5-config.mit
** Tags added: foundations-triage-discuss -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1980494 Title: krb5-multidev is not multi-arch installable due to differences in /usr/bin/krb5-config.mit Status in krb5 package in Ubuntu: New Bug description: I am trying to build wine in a wow64 configuration and need to install the i386 and amd64 version of the krb5-multidev package on Ubuntu 22.04. The two version are not co-installable due to differences in the /usr/bin/krb5-config.mit file between the two version of the package. The diff between the two files is: --- krb5-config.mit-i386 2022-06-18 21:32:44.034889873 -0400 +++ krb5-config.mit-amd64 2022-06-18 21:31:37.302149522 -0400 @@ -40,7 +40,7 @@ libdir=/usr/lib/${tripple}/mit-krb5 CC_LINK='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' KDB5_DB_LIB= -LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' +LDFLAGS='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro' RPATH_FLAG='' PROG_RPATH_FLAGS='' PTHREAD_CFLAGS='-pthread' The krb5-multidev package is co-installable on Debian. It appears that Ubuntu uses different default linker flags for the i386 and amd64 platforms and Debian does not. This bug is related to https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1970979 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1980494/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1943441] Re: lxc: lxc-test-parse-config-file failure (expected value and retrieved value do not match)
Failing with 2022.08.29/focal/linux-fips/5.4.0-1061.69 ** Tags added: sru-20220829 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1943441 Title: lxc: lxc-test-parse-config-file failure (expected value and retrieved value do not match) Status in ubuntu-kernel-tests: New Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Focal: New Status in lxc source package in Impish: Confirmed Bug description: I'm getting the following error with the lxc kernel autotest on impish: 08:46:04 DEBUG| parse_config_file.c: 60: set_get_compare_clear_save_load: expected value "system_u:system_r:lxc_t:s0:c22" and retrieved value "" for config key "lxc.selinux.context" do not match 08:46:04 DEBUG| 08:46:04 DEBUG| parse_config_file.c: 382: main: lxc.selinux.context 08:46:06 INFO | ERRORubuntu_lxc.lxc-test-parse-config-file ubuntu_lxc.lxc-test-parse-config-filetimestamp=1631090766localtime=Sep 08 08:46:06Command failed, rc=1, Command returned non-zero exit status * Command: /tmp/lxc-pkg-ubuntu/src/tests/lxc-test-parse-config-file Exit status: 1 Duration: 0.0550210475922 stderr: parse_config_file.c: 60: set_get_compare_clear_save_load: expected value "system_u:system_r:lxc_t:s0:c22" and retrieved value "" for config key "lxc.selinux.context" do not match parse_config_file.c: 382: main: lxc.selinux.context I haven't investigated very much, but it looks like a (mis)configuration change / issue. Does it ring any bell? Otherwise I'll investigate more. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1943441/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1989190] Re: Bionic networking failures after NIC reordering
Reproducer script for both variants of systemd. ** Attachment added: "reproducer script" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1989190/+attachment/5614805/+files/lp1989190-reproducer.sh ** Description changed: - Partially documented in https://bugs.launchpad.net/bugs/1958280 and + Documented across https://bugs.launchpad.net/bugs/1958280 and https://canonical.force.com/ua/s/case/5004K0E96qlQAB/vf-nic-not- getting-renamed-properly-for-ubuntu-2004. - Splitting these reports to focus on Bionic, because it's different than - 20.04+ and last week's failure + Creating this bug to focus on Bionic, because it's different than 20.04+ + and last week's failure https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1988119 helped me identify part of the root cause. When NICs are renamed on boot, networkd tends to fail to configure them. # WITHOUT THE PROPOSED SYSTEMD PATCH cpatterson@test-ubu1804-nicrenamerepro-x1:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP - 1 lo loopback carrier unmanaged - 2 eth0 ether routableconfigured - 3 eth1 ether n/a unmanaged - 4 eth2 ether routableconfigured - 5 eth3 ether routableconfigured - 6 eth4 ether routableconfigured - 7 eth5 ether off unmanaged - 8 eth6 ether off unmanaged - 9 eth7 ether off unmanaged - + 1 lo loopback carrier unmanaged + 2 eth0 ether routableconfigured + 3 eth1 ether n/a unmanaged + 4 eth2 ether routableconfigured + 5 eth3 ether routableconfigured + 6 eth4 ether routableconfigured + 7 eth5 ether off unmanaged + 8 eth6 ether off unmanaged + 9 eth7 ether off unmanaged ### As expected, we can see the properties are missing. cpatterson@test-ubu1804-nicrenamerepro-x1:~$ sudo udevadm info /sys/class/net/eth7 P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022481f-69aa-0022-481f-69aa0022481f/net/eth7 E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022481f-69aa-0022-481f-69aa0022481f/net/rename9 E: ID_NET_NAME_MAC=enx0022481f69aa E: ID_OUI_FROM_DATABASE=Microsoft Corporation E: ID_PATH=acpi-VMBUS:01 E: ID_PATH_TAG=acpi-VMBUS_01 E: IFINDEX=9 E: INTERFACE=eth1 E: SUBSYSTEM=net E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/rename9 /sys/subsystem/net/devices/eth1 /sys/subsystem/net/devices/cirename0 /sys/subsystem/net/devices/eth7 E: TAGS=:systemd: E: USEC_INITIALIZED=11203606 ### As expected, restarting networkd does not fix the issue. cpatterson@test-ubu1804-nicrenamerepro-x1:~$ sudo systemctl restart systemd-networkd cpatterson@test-ubu1804-nicrenamerepro-x1:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP - 1 lo loopback carrier unmanaged - 2 eth0 ether routableconfigured - 3 eth1 ether off unmanaged - 4 eth2 ether routableconfigured - 5 eth3 ether routableconfigured - 6 eth4 ether routableconfigured - 7 eth5 ether off unmanaged - 8 eth6 ether off unmanaged - 9 eth7 ether off unmanaged + 1 lo loopback carrier unmanaged + 2 eth0 ether routableconfigured + 3 eth1 ether off unmanaged + 4 eth2 ether routableconfigured + 5 eth3 ether routableconfigured + 6 eth4 ether routableconfigured + 7 eth5 ether off unmanaged + 8 eth6 ether off unmanaged + 9 eth7 ether off unmanaged 9 links listed. # WITH THE PROPOSED SYSTEMD PATCH I built systemd with the proposed patches in https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1988119. With these patches, networking still comes up broken, but restarting networkd does fix things. cpatterson@test-ubu1804-nicrenamerepro-systemd55-x2:~$ networkctl list IDX LINK TYPE
[Touch-packages] [Bug 1989190] [NEW] Bionic networking failures after NIC reordering
Public bug reported: Documented across https://bugs.launchpad.net/bugs/1958280 and https://canonical.force.com/ua/s/case/5004K0E96qlQAB/vf-nic-not- getting-renamed-properly-for-ubuntu-2004. Creating this bug to focus on Bionic, because it's different than 20.04+ and last week's failure https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1988119 helped me identify part of the root cause. When NICs are renamed on boot, networkd tends to fail to configure them. # WITHOUT THE PROPOSED SYSTEMD PATCH cpatterson@test-ubu1804-nicrenamerepro-x1:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 eth0 ether routableconfigured 3 eth1 ether n/a unmanaged 4 eth2 ether routableconfigured 5 eth3 ether routableconfigured 6 eth4 ether routableconfigured 7 eth5 ether off unmanaged 8 eth6 ether off unmanaged 9 eth7 ether off unmanaged ### As expected, we can see the properties are missing. cpatterson@test-ubu1804-nicrenamerepro-x1:~$ sudo udevadm info /sys/class/net/eth7 P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022481f-69aa-0022-481f-69aa0022481f/net/eth7 E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022481f-69aa-0022-481f-69aa0022481f/net/rename9 E: ID_NET_NAME_MAC=enx0022481f69aa E: ID_OUI_FROM_DATABASE=Microsoft Corporation E: ID_PATH=acpi-VMBUS:01 E: ID_PATH_TAG=acpi-VMBUS_01 E: IFINDEX=9 E: INTERFACE=eth1 E: SUBSYSTEM=net E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/rename9 /sys/subsystem/net/devices/eth1 /sys/subsystem/net/devices/cirename0 /sys/subsystem/net/devices/eth7 E: TAGS=:systemd: E: USEC_INITIALIZED=11203606 ### As expected, restarting networkd does not fix the issue. cpatterson@test-ubu1804-nicrenamerepro-x1:~$ sudo systemctl restart systemd-networkd cpatterson@test-ubu1804-nicrenamerepro-x1:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 eth0 ether routableconfigured 3 eth1 ether off unmanaged 4 eth2 ether routableconfigured 5 eth3 ether routableconfigured 6 eth4 ether routableconfigured 7 eth5 ether off unmanaged 8 eth6 ether off unmanaged 9 eth7 ether off unmanaged 9 links listed. # WITH THE PROPOSED SYSTEMD PATCH I built systemd with the proposed patches in https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1988119. With these patches, networking still comes up broken, but restarting networkd does fix things. cpatterson@test-ubu1804-nicrenamerepro-systemd55-x2:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 eth0 ether routableconfigured 3 eth1 ether n/a unmanaged 4 eth2 ether n/a unmanaged 5 eth3 ether n/a unmanaged 6 eth4 ether routableconfigured 7 eth5 ether n/a unmanaged 8 eth6 ether n/a unmanaged 9 eth7 ether n/a unmanaged 9 links listed. cpatterson@test-ubu1804-nicrenamerepro-systemd55-x2:~$ sudo udevadm info /sys/class/net/eth1 P: /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022482b-f769-0022-482b-f7690022482b/net/eth1 E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/0022482b-f769-0022-482b-f7690022482b/net/rename3 E: ID_NET_DRIVER=hv_netvsc E: ID_NET_LINK_FILE=/run/systemd/network/10-netplan-eth7.link E: ID_NET_NAME=eth1 E: ID_NET_NAME_MAC=enx0022482bf769 E: ID_OUI_FROM_DATABASE=Microsoft Corporation E: ID_PATH=acpi-VMBUS:01 E: ID_PATH_TAG=acpi-VMBUS_01 E: IFINDEX=3 E: INTERFACE=eth7 E: NM_UNMANAGED=1 E: SUBSYSTEM=net E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/rename3 /sys/subsystem/net/devices/eth7 /sys/subsystem/net/devices/eth1 E: TAGS=:systemd: E: USEC_INITIALIZED=10280176 cpatterson@test-ubu1804-nicrenamerepro-systemd55-x2:~$ sudo systemctl restart systemd-networkd cpatterson@test-ubu1804-nicrenamerepro-systemd55-x2:~$ networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 e
[Touch-packages] [Bug 1966849] Re: gzip exec format error under WSL1
Hello Bruno, or anyone else affected, Accepted gzip into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: gzip (Ubuntu Jammy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gzip in Ubuntu. https://bugs.launchpad.net/bugs/1966849 Title: gzip exec format error under WSL1 Status in gzip: New Status in gzip package in Ubuntu: Fix Released Status in gzip source package in Jammy: Fix Committed Status in gzip source package in Kinetic: Fix Released Bug description: [Impact] * Optimization features included in jammy cause atypical alignment of LOAD ELF sections. This in turn causes failure to execute binaries on WSL1. Upstream have since integrated the optimization features included in jammy, but also reverted alignment to a previously used one. This also results in working binary under WSL1. * Cherry-pick upstream applied revert to alignment to resolve running gzip under WSL1. [Test Plan] * Use powershell to set default WSL version to 1 * Deploy WSL1, unpack and use updated gzip package * gzip --version should execute correctly under WSL 1 [Where problems could occur] * I cannot tell why performance improvement patches introduced alignment change, and if revert of the alignment change affects the performance. Note that this change aligns the codebase closer to what kinetic & upstream now are. [Other Info] * This bug fix is upstream commit https://git.savannah.gnu.org/cgit/gzip.git/commit/gzip.c?id=23a870d14a49803c6d2579071886c1acf497c9d1 --- gzip version 1.10-4ubuntu3 fails to run under WSL1 on Windows 19044.1620, making WSL pretty much unusable. bash: /usr/bin/gzip: cannot execute binary file: Exec format error ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: gzip 1.10-4ubuntu3 ProcVersionSignature: Microsoft 4.4.0-19041.1237-Microsoft 4.4.35 Uname: Linux 4.4.0-19041-Microsoft x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Mar 29 06:40:33 2022 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=pl_PL.UTF-8 SHELL=/usr/bin/fish SourcePackage: gzip UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/gzip/+bug/1966849/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971632] Re: Kubuntu 22.04, Bluetooth Headphones connect automatically, then immediately disconnect; pulseautio crashes every time
Hello Michael, or anyone else affected, Accepted pulseaudio into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pulseaudio/1:15.99.1+dfsg1-1ubuntu2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: pulseaudio (Ubuntu Jammy) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1971632 Title: Kubuntu 22.04, Bluetooth Headphones connect automatically, then immediately disconnect; pulseautio crashes every time Status in pulseaudio package in Ubuntu: Fix Released Status in pulseaudio source package in Jammy: Fix Committed Bug description: * Impact On a fresh install of Kubuntu 22.04, when I turn my properly paired bluetooth headphones on they automatically connect to the system, then immediately disconnect again. The headphones thus have to be manually 're-connected' every time. * Test case Connect a bluetooth headset to the computer, try to change the active profile. The selection should be reflected and the quality match, the pairing and service should be stable * Regression potential The changes are in the bluetooth a2dp/sbc functions so any potential regression would impact the connectivity with bluetooth devices using an a2dp profile (aptX, SBC, AAC). Check with different devices using the previously listed profiles. Best as I understand it from the logs (appended below), pulseaudio showing up killed just after the headphones turn up as an unregistered sender ... 4/30/22 7:33 PM systemd pulseaudio.service: Main process exited, code=killed, status=8/FPE ... is responsible for the observed problem, i.e. the disconnect, probably triggered when pulseaudio restarts ... 4/30/22 7:33 PM systemd pulseaudio.service: Scheduled restart job, restart counter is at 2. So it seems either an internal pulseaudio problem, or a problem triggered by the division by 0 in the bluetooth module ... 4/30/22 7:33 PM kernel traps: bluetooth[8884] trap divide error ip:7f862dc68490 sp:7f862498cc30 error:0 in module-bluez5-device.so[7f862dc66000+9000] or some combination of the two ... but again, I'm only guessing here. ___ System Logs after switching headphones on: 4/30/22 7:33 PM kernel input: Nat's Flex (AVRCP) as /devices/virtual/input/input31 4/30/22 7:33 PM systemd-logind Watching system buttons on /dev/input/event19 (Nat's Flex (AVRCP)) 4/30/22 7:33 PM bluetoothd /org/bluez/hci0/dev_A8_91_3D_DF_A8_F4/fd3: fd(43) ready 4/30/22 7:33 PM rtkit-daemonSupervising 0 threads of 0 processes of 0 users. 4/30/22 7:33 PM rtkit-daemonSuccessfully made thread 8884 of process 3426 owned by '1000' RT at priority 5. 4/30/22 7:33 PM rtkit-daemonSupervising 1 threads of 1 processes of 1 users. 4/30/22 7:33 PM kernel traps: bluetooth[8884] trap divide error ip:7f862dc68490 sp:7f862498cc30 error:0 in module-bluez5-device.so[7f862dc66000+9000] 4/30/22 7:33 PM bluetoothd Endpoint unregistered: sender=:1.126 path=/MediaEndpoint/A2DPSink/sbc 4/30/22 7:33 PM bluetoothd Endpoint unregistered: sender=:1.126 path=/MediaEndpoint/A2DPSource/sbc 4/30/22 7:33 PM bluetoothd Endpoint unregistered: sender=:1.126 path=/MediaEndpoint/A2DPSink/sbc_xq_453 4/30/22 7:33 PM bluetoothd Endpoint unregistered: sender=:1.126 path=/MediaEndpoint/A2DPSource/sbc_xq_453 4/30/22 7:33 PM bluetoothd Endpoint unregistered: sender=:1.126 path=/MediaEndpoint/A2DPSink/sbc_xq_512 4/30/22 7:33 PM bluetoothd Endpoin
[Touch-packages] [Bug 1987523] Re: Pulsaudio crashes once BT microphone is connected
Hello Ante, or anyone else affected, Accepted pulseaudio into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pulseaudio/1:15.99.1+dfsg1-1ubuntu2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1987523 Title: Pulsaudio crashes once BT microphone is connected Status in pulseaudio package in Ubuntu: Fix Committed Status in pulseaudio source package in Jammy: Fix Committed Bug description: * Impact When I connect my BT headset with microphone and change profile to HFP, Pulsaudio crashes, sometimes even crashing Gnome itself. * Test case - Connect a bluetooth headset to the computer - Try to change the profile to HFP from the desktop settings or the pulseaudio cli -> the profile should get correctly selected, the service shouldn't crash * Regression potential The changes are in the functions handling mSBC packets which handle bluetooth HFP codecs, so any regression would concern bluetooth devices using that profile. --- When I connect my BT headset with microphone and change profile to HFP, Pulsaudio crashes, sometimes even crashing Gnome itself. Syslog reports: Aug 24 13:44:20 p14s kernel: [21412.562760] input: Bowers & Wilkins PX (AVRCP) as /devices/virtual/input/input37 Aug 24 13:44:21 p14s pulseaudio[50808]: Battery Level: 80% Aug 24 13:44:21 p14s pulseaudio[50808]: Dock Status: undocked Aug 24 13:44:21 p14s bluetoothd[1070]: sdp_extract_attr: Unknown data descriptor : 0x1 terminating Aug 24 13:44:23 p14s rtkit-daemon[1330]: Supervising 7 threads of 3 processes of 1 users. Aug 24 13:44:23 p14s rtkit-daemon[1330]: Successfully made thread 51716 of process 50808 owned by '1000' RT at priority 5. Aug 24 13:44:23 p14s rtkit-daemon[1330]: Supervising 8 threads of 3 processes of 1 users. Aug 24 13:44:23 p14s gsd-media-keys[50921]: Unable to get default sink Aug 24 13:44:23 p14s gsd-media-keys[50921]: Unable to get default source Aug 24 13:44:23 p14s mattermost-desktop.desktop[51425]: [51425:0824/134423.604313:ERROR:gl_surface_presentation_helper.cc(260)] GetVSyncParametersIfAvailable() failed for 3 times! Aug 24 13:44:23 p14s pulseaudio[50808]: Assertion 'remaining == 0' failed at ../src/modules/bluetooth/bt-codec-msbc.c:287, function decode_buffer(). Aborting. Aug 24 13:44:24 p14s systemd[19059]: Starting Notification regarding a crash report... Aug 24 13:44:24 p14s update-notifier-crash[51723]: /usr/bin/whoopsie Aug 24 13:44:24 p14s systemd[1]: Started crash report submission. Aug 24 13:44:24 p14s whoopsie[51726]: [13:44:24] Using lock path: /var/lock/whoopsie/lock Aug 24 13:44:24 p14s systemd[1]: whoopsie.service: Deactivated successfully. Aug 24 13:44:24 p14s update-notifier-crash[51725]: gnome-shell Aug 24 13:44:24 p14s update-notifier-crash[51725]: apport-gtk I've identified the upstream fix for this: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/9916f0eace6ab1825af74a5f9b166918a06ce50e I've built packages with the fix and can confirm that it does solve the problem. Packages are available at: https://launchpad.net/~ivoks/+archive/ubuntu/pulse To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1987523/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981103] Re: System with DNS server in /etc/network/interfaces has bogus systemd-resolved config after upgrade to 22.04
If you changed away from /etc/network/interfaces file to netplan.io configuration (/etc/netplan/...) then you won't need ifupdown. There is a configuartion tool, with simple configs it works: See this info how to convert your network config. But be sure to have physical access to the machine's console: https://gist.github.com/mss/7a8e048dd51e5ef928039f1450ba8f31 I did this for my systems and removed and purged ifupdown. For some configs it may be very complex, especially if you have many tunnels, bridges or other special stuff in /etc/network/interfaces. But for simple single ethernet/wifi device it is easy to migrate using the above GIST. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1981103 Title: System with DNS server in /etc/network/interfaces has bogus systemd- resolved config after upgrade to 22.04 Status in ifupdown package in Ubuntu: Confirmed Bug description: Description:Ubuntu 22.04 LTS Release:22.04 ifupdown: Installed: 0.8.36+nmu1ubuntu3 Candidate: 0.8.36+nmu1ubuntu3 Version table: *** 0.8.36+nmu1ubuntu3 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages 100 /var/lib/dpkg/status After upgrading a server with classic ifupdown configuration after reboot the machine had no valid dns servers anymore. The problem is that the state file created by ifupdown using /etc/network/if-up.d/resolved looks like this: root@pangaea-pm:~# cat /run/network/ifupdown-inet-ens13 "DNS"="134.102.20.20 134.102.200.14" "DOMAINS"="marum.de" The script later sources this file and causes the following errors, easy to see when you execute this: root@pangaea-pm:~# ifdown ens13; ifup ens13 /etc/network/if-down.d/resolved: 12: mystatedir: not found /etc/network/if-up.d/resolved: 12: mystatedir: not found /etc/network/if-up.d/resolved: 71: DNS: not found /etc/network/if-up.d/resolved: 1: /run/network/ifupdown-inet-ens13: DNS=134.102.20.20 134.102.200.14: not found /etc/network/if-up.d/resolved: 2: /run/network/ifupdown-inet-ens13: DOMAINS=marum.de: not found Failed to parse DNS server address: DNS Failed to set DNS configuration: Invalid argument This happened to me on three different servers, so this is a serious bug and should be fixed before 22.04 upgrades are allowed for everybody. Most servers provided by data centers like Hetzner (Germany) are configure like that. After a do-release-upgrade you have no working DNS anymore, unless you disable systemd-resolved. I don't want to use netplan, so changing to this is no option. The fix is easy - remove the quotes in the script on the left side "$DNS" => $DNS; same for DOMAINS: if [ -n "$NEW_DNS" ]; then cat <"$mystatedir/ifupdown-${ADDRFAM}-$interface" $DNS="$NEW_DNS" EOF if [ -n "$NEW_DOMAINS" ]; then cat <>"$mystatedir/ifupdown-${ADDRFAM}-$interface" $DOMAINS="$NEW_DOMAINS" EOF fi fi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1981103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled
** Description changed: + [Impact] + + Path to samba-bgqd is wrong on 22.04. + Changing from /usr/lib*/samba/samba-bgqd into /usr/lib/@{multiarch}/samba/samba-bgqd to align different architectures. + The @{multiarch} was initialized at the code before. + Before fixing it might confuse users with ambiguity. + This was later changed by moving the binary, but for an SRU let us just adapt the path in apparmor. + + + Obviously, the bug doesn’t affect users by default, because the samba profiles + are only installed and activated if you install the apparmor-profiles package and moreover it has to be in enforce mode to affect users. The profile is applied in complain mode by default. + After all these conditions are met, then the impact is that the samba services will fail to start. + + The next thing which occurred was the problem with ‘k’ flag which was + needed in for the *.tdb files within /etc/apparmor.d/abstractions/samba. + + + [Test Plan] + + ** Reproduction ** + + Make a container for testing: + + + $ lxc launch ubuntu-daily:jammy jammy-test + $ lxc shell jammy-test + + + 1.First of all, install apparmor-profiles, apparmor-utils and samba. + $ apt install apparmor-profiles apparmor-utils samba + + 2.Perform proper command to display current running processes. (e.g. ps fauxZ). + $ ps fauxZ + + nmbd (complain) root2129 0.0 0.0 68720 10628 ? Ss 16:43 0:00 /usr/sbin/nmbd --foreground --no-process-group + smbd (complain) root2141 0.0 0.1 84840 16264 ? Ss 16:43 0:00 /usr/sbin/smbd --foreground --no-process-group + smbd (complain) root2143 0.0 0.0 82360 8544 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + smbd (complain) root2144 0.0 0.0 82352 6820 ? S16:43 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + + + 3.At the end of the output, you should be able to see smbd(complain) in + the left column. + + + 4.Then check the dmesg output. + + + $ dmesg -T + + [Wed Aug 24 8:24:11 2022] audit: type=1400 audit(1661883574.507:2124): apparmor="ALLOWED" operation="exec" namespace="root//lxd-jammy-apparmor-testMMilion1_" profile="smbd" name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=526045 comm="smbd" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 + [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.875:92): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/names.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 + [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.887:93): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/gencache.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 + [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.899:94): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/brlock.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 + [Wed Aug 24 08:24:11 2022] audit: type=1400 audit(1661329451.903:95): apparmor="ALLOWED" operation="file_lock" profile="samba-bgqd" name="/run/samba/locking.tdb" pid=803 comm="samba-bgqd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0 + + + 5.At the end of the output, you will notice profile=”samba-bgqd” apparmor=”ALLOWED” + + + 6.Later, check the apparmor status using the aa-status command. + + $ aa-status + + 24 profiles are in complain mode. +avahi-daemon +dnsmasq +dnsmasq//libvirt_leaseshelper +identd +klogd +mdnsd +nmbd +nscd +php-fpm +ping +samba-bgqd +smbldap-useradd +smbldap-useradd///etc/init.d/nscd +snap.git-ubuntu.git-ubuntu +snap.git-ubuntu.import-source-packages +snap.git-ubuntu.man +snap.git-ubuntu.merge-changelogs +snap.git-ubuntu.reconstruct-changelog +snap.git-ubuntu.self-test +snap.git-ubuntu.source-package-walker +snap.git-ubuntu.update-repository-alias +syslog-ng +syslogd +traceroute + + You will notice that samba-bgqd is still in complain mode. + + + 7.Type in aa-enforce /etc/apparmor.d/samba-bgqd + /etc/apparmor.d/usr.sbin.smbd to set the paths to enforce mode. + + Setting /etc/apparmor.d/samba-bgqd to enforce mode. + Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. + + Now when you display current running processes, you will see that smbd + is enforced. + + $ ps fauxZ + + smbd (enforce) root2281 0.0 0.1 84840 16416 ? Ss 14:50 0:00 /usr/sbin/smbd --foreground --no-process-group + smbd (enforce) root2283 0.0 0.0 82360 8476 ? S14:50 0:00 \_ /usr/sbin/smbd --foreground --no-process-group + smbd (enforce) root2284 0.0 0.0 82352 6748 ? S14:50 0:00 \_ /usr/sbin/smb
[Touch-packages] [Bug 1988230] Re: glib 2.73 breaks modemmanager
** Changed in: glib2.0 (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1988230 Title: glib 2.73 breaks modemmanager Status in GLib: New Status in glib2.0 package in Ubuntu: Triaged Status in modemmanager package in Ubuntu: Fix Released Status in glib2.0 package in Debian: Fix Released Bug description: I'm filing this bug in case we want to fix it before letting glib 2.73 in to kinetic. To manage notifications about this bug go to: https://bugs.launchpad.net/glib/+bug/1988230/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981103] Re: System with DNS server in /etc/network/interfaces has bogus systemd-resolved config after upgrade to 22.04
+1, can I simply remove ifupdown (e.g. apt remove ifupdown), do I still need it with 22.04.1? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1981103 Title: System with DNS server in /etc/network/interfaces has bogus systemd- resolved config after upgrade to 22.04 Status in ifupdown package in Ubuntu: Confirmed Bug description: Description:Ubuntu 22.04 LTS Release:22.04 ifupdown: Installed: 0.8.36+nmu1ubuntu3 Candidate: 0.8.36+nmu1ubuntu3 Version table: *** 0.8.36+nmu1ubuntu3 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages 100 /var/lib/dpkg/status After upgrading a server with classic ifupdown configuration after reboot the machine had no valid dns servers anymore. The problem is that the state file created by ifupdown using /etc/network/if-up.d/resolved looks like this: root@pangaea-pm:~# cat /run/network/ifupdown-inet-ens13 "DNS"="134.102.20.20 134.102.200.14" "DOMAINS"="marum.de" The script later sources this file and causes the following errors, easy to see when you execute this: root@pangaea-pm:~# ifdown ens13; ifup ens13 /etc/network/if-down.d/resolved: 12: mystatedir: not found /etc/network/if-up.d/resolved: 12: mystatedir: not found /etc/network/if-up.d/resolved: 71: DNS: not found /etc/network/if-up.d/resolved: 1: /run/network/ifupdown-inet-ens13: DNS=134.102.20.20 134.102.200.14: not found /etc/network/if-up.d/resolved: 2: /run/network/ifupdown-inet-ens13: DOMAINS=marum.de: not found Failed to parse DNS server address: DNS Failed to set DNS configuration: Invalid argument This happened to me on three different servers, so this is a serious bug and should be fixed before 22.04 upgrades are allowed for everybody. Most servers provided by data centers like Hetzner (Germany) are configure like that. After a do-release-upgrade you have no working DNS anymore, unless you disable systemd-resolved. I don't want to use netplan, so changing to this is no option. The fix is easy - remove the quotes in the script on the left side "$DNS" => $DNS; same for DOMAINS: if [ -n "$NEW_DNS" ]; then cat <"$mystatedir/ifupdown-${ADDRFAM}-$interface" $DNS="$NEW_DNS" EOF if [ -n "$NEW_DOMAINS" ]; then cat <>"$mystatedir/ifupdown-${ADDRFAM}-$interface" $DOMAINS="$NEW_DOMAINS" EOF fi fi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1981103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1978079] Re: EFI pstore not cleared on boot
Verification done for focal: - Environment - ubuntu@crustle:~$ uname -a Linux crustle 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux ubuntu@crustle:~$ cat /etc/os-release NAME="Ubuntu" VERSION="20.04.4 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.4 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; VERSION_CODENAME=focal UBUNTU_CODENAME=focal ubuntu@crustle:~$ systemd --version systemd 245 (245.4-4ubuntu3.18) +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid root@crustle:/home/ubuntu# cat /sys/module/pstore/parameters/backend efi - - Test steps - See [Test Plan] - - Result - Verification : OK root@crustle:/home/ubuntu# echo 1 > /proc/sys/kernel/sysrq root@crustle:/home/ubuntu# echo 1 > /proc/sys/kernel/panic root@crustle:/home/ubuntu# echo "c" > /proc/sysrq-trigger * system reboots * root@crustle:/home/ubuntu# ls /sys/fs/pstore root@crustle:/home/ubuntu# ls /var/lib/systemd/pstore 166271364 root@crustle:/home/ubuntu# systemctl status systemd-pstore ● systemd-pstore.service - Platform Persistent Storage Archival Loaded: loaded (/lib/systemd/system/systemd-pstore.service; enabled; vendor preset: enabled) Active: active (exited) since Fri 2022-09-09 08:57:29 UTC; 3min 10s ago Docs: man:systemd-pstore(8) Process: 639 ExecStart=/lib/systemd/systemd-pstore (code=exited, status=0/SUCCESS) Main PID: 639 (code=exited, status=0/SUCCESS) Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364709001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364709001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364708001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364708001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364607001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364607001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364606001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364606001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364605001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364605001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364604001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364604001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364603001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364603001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364602001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364602001 Sep 09 08:57:29 crustle systemd-pstore[639]: PStore dmesg-efi-166271364601001 moved to /var/lib/systemd/pstore/166271364/dmesg-efi-166271364601001 Sep 09 08:57:29 crustle systemd[1]: Finished Platform Persistent Storage Archival. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1978079 Title: EFI pstore not cleared on boot Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Focal: Fix Committed Status in systemd source package in Impish: Won't Fix Status in systemd source package in Jammy: Fix Released Status in systemd source package in Kinetic: Fix Released Bug description: [Impact] Systemd has a systemd-pstore component that scans the pstore on boot and if non-empty, takes all previously created dumps, transfers them into its journal and removes the pstore elements. This is very important on UEFI systems, which only have a limited amount of space for variables. In Ubuntu, the kernel is configured with CONFIG_EFI_VARS_PSTORE=m which means the EFI pstore support gets loaded dynamically. In all of my boots, this dynamic module loading happened *after* systemd tried to check for pstore variables. So systemd-pstore never starts and never clears the UEFI variable store. I see this happening in AWS on Graviton instances, which eventually run out of space to store the dumps. On real hardware, this behavior may lead to unbootable systems. ``` $ systemctl status systemd-pstore ○ systemd-pstore.service - Platform Persistent Storage Archival Loaded: loaded (/lib/systemd/system/systemd-pstore.service; enabled; vendor preset: enabled) Active: inactive (dead) Condition: start condition failed at Thu 2022-06-09 09:11:41 UTC; 29min ago └─ ConditionDirectoryNotE